Gstreamer
CVE-2024-47596
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
AnalysisAI
An out-of-bounds read vulnerability in GStreamer's QuickTime demuxer allows remote attackers to read up to 4GB of process memory or crash the application when processing malformed media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by supplying specially crafted QuickTime files. While not currently in CISA's Known Exploited Vulnerabilities catalog, the low EPSS score of 0.08% suggests limited exploitation in the wild despite the availability of detailed technical advisories.
Technical ContextAI
GStreamer is a widely-used open-source multimedia framework for constructing media processing pipelines, identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability occurs in the qtdemux_parse_svq3_stsd_data function within qtdemux.c when processing SVQ3 (Sorenson Video 3) codec data in QuickTime containers. This is a classic CWE-125 out-of-bounds read where the seqh_size parameter is read from untrusted input without proper bounds checking before being used in a memcpy operation via gst_buffer_fill. The FOURCC_SMI_ case handler fails to validate that sufficient data remains in the buffer before attempting to read seqh_size bytes, potentially accessing memory beyond the allocated buffer boundaries.
RemediationAI
Upgrade GStreamer to version 1.24.10 or later, which contains the fix for this vulnerability as documented in merge request https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch. For systems that cannot be immediately updated, consider implementing input validation for media files before processing with GStreamer, restricting the processing of untrusted QuickTime/MP4 files, or running GStreamer-based applications in sandboxed environments with limited memory access. Debian users should apply the security updates referenced in https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html. Monitor the vendor security page at https://gstreamer.freedesktop.org/security/ for any additional guidance or updates.
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write an
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to
An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service o
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denia
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory
An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when par
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation fault
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today